"[W]e're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model."

Translation: AMD Ryzen, unaffected by the security flaw, have just clutched victory since this clears Intel's minor single-core IPC lead in some cases. Looking forward to February and March, AMD Ryzen will continue pushing past Intel with the release of its refresh desktop processors, which are certain to offer a sizeable clock speed boost over the first generation models.

<<...AMD Ryzen, unaffected by the security flaw, have just clutched victory...>>

...I'm sure that AMD will probably feel good about this, but I'm thoughtful about the millions of existing Intel desktops, laptops and tablets. If the average performance loss is a few percent, that will be one thing, but if it's double digit percent, that will be something else...

<<...AMD Ryzen, unaffected by the security flaw, have just clutched victory...>>

...I'm sure that AMD will probably feel good about this, but I'm thoughtful about the millions of existing Intel desktops, laptops and tablets. If the average performance loss is a few percent, that will be one thing, but if it's double digit percent, that will be something else...

Note that in a new statement, Intel is saying that performance losses will be mitigated over time...

Click to expand...

For future processors? With driver updates? Through code refactoring just for Intel? I am tending towards the first and third options which I propose, with the third likely not amounting to much since developers aren't necessarily going to dust off old code when future processors will do the job for them absolutely free. Besides, I don't think any number of firmware and driver updates can fix the reality of the requisite cache flushing that is required for this security fix which impacts a decade's worth of Intel processors.

In clearing the processor cache, the processor now, by default, must go to the high latency main system memory to re-grab data and code thereby adding milliseconds of delay which equates to eons in modern computer systems. Really, no fix can completely negate this problem given the factors of difference between processor cache and main memory latency. Processor cache is awfully important and without processor cache being harnessed to its fullest extent in Intel's entire processor line, we are looking at drastically slower application performance in cache intensive tasks on all Intel processors.

Something else to keep in mind: Intel already knew this way back in June 2017:

"But while the public is just being informed about the security problem, tech companies have known about it for months. In fact, Google informed Intel of the vulnerability in June, an Intel representative told Business Insider in a statement.

"That means Intel was aware of the problem before Krzanich sold off a big chunk of his holdings. Intel's CEO saw a $24 million windfall November 29 through a combination of selling shares he owned outright and exercising stock options.

"The stock sale raised eyebrows when it was disclosed, primarily because it left Krzanich with just 250,000 shares of Intel stock — the bare minimum the company requires him to hold under his employment agreement."​

"...Intel also says “contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”

That’s actually in keeping with what we noted earlier today: some activities such as gaming seem to be largely unaffected. But as discovered by Phoronix, some tasks, like PostgreSQL and Redis seem to take serious performance hits on a Linux system with the updated version of the Linux Kernel designed to address the security vulnerability.

So you may or may not notice a big performance hit depending on what it is you’re using your computer for..."

This article from Tom's Hardware has some very interesting language in it (think: statements intended to position to avoid litigation) and the article also argues that performance losses for the average (non-data center) user will be small:

...and, if you aren't sick of reading about it by now, here's yet another take on the two vulnerabilities and their potential performance impacts. Note that this article makes it clear that Spectre cannot be patched at this time and will remain a threat, albeit a remote one, for now: